Configure Ranger KMS Database for SSL-enabled MySQL
When an SSL-enabled database is configured for use with Ranger KMS, you must add certain configurations to Ranger:
In Ambari > Ranger KMS > Configs > Advanced > Custom kms-properties, add the following parameters:

db_ssl_enabled=True
db_ssl_required=True
db_ssl_verifyServerCertificate=True
javax_net_ssl_keyStore=/etc/ranger/admin/keystore
javax_net_ssl_keyStorePassword=ranger
javax_net_ssl_trustStore=/etc/ranger/admin/truststore
javax_net_ssl_trustStorePassword=ranger

Change the keystore and truststore file paths according to your environment.

If certificate verification is not required, you can set the property db_ssl_verifyServerCertificate to false. In this case, the keystore and truststore file locations do not need to be valid, and the files are not mandatory.

In Ambari > Ranger KMS > Configs > Advanced > Custom dbks-site, add the following parameters:

ranger.ks.db.ssl.enabled=true
ranger.ks.db.ssl.required=true
ranger.ks.db.ssl.verifyServerCertificate=true
ranger.ks.keystore.file=/etc/ranger/admin/keystore
ranger.ks.keystore.password=ranger
ranger.ks.truststore.file=/etc/ranger/admin/truststore
ranger.ks.truststore.password=password

Change the keystore file path according to your environment.

If certificate verification is not required, you can set the property ranger.db.ssl.verifyServerCertificate to false. In this case, the keystore and truststore file locations do not need to be valid, and the files are not mandatory.

Install/restart Ranger KMS.
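
A consistency check for the two property sets above, as an added example that is not part of the original page or of Ranger or Ambari. It flags keys missing from either set, values that disagree between kms-properties and dbks-site, SSL enabled without server certificate verification, and store files that do not exist when verification is on. Pairing the keys in the order the page lists them, the function names and the sample input are assumptions.

```python
# Added example (not Ranger or Ambari code). Property names are from the page;
# the key pairing, the checks and the sample input are assumptions.
import os

# kms-properties key -> dbks-site key, paired in the order the page lists them
PAIRS = {
    "db_ssl_enabled": "ranger.ks.db.ssl.enabled",
    "db_ssl_required": "ranger.ks.db.ssl.required",
    "db_ssl_verifyServerCertificate": "ranger.ks.db.ssl.verifyServerCertificate",
    "javax_net_ssl_keyStore": "ranger.ks.keystore.file",
    "javax_net_ssl_keyStorePassword": "ranger.ks.keystore.password",
    "javax_net_ssl_trustStore": "ranger.ks.truststore.file",
    "javax_net_ssl_trustStorePassword": "ranger.ks.truststore.password",
}

def parse_props(text):
    """Parse key=value lines, skipping blanks, # comments and lines without '='."""
    rows = (ln.strip() for ln in text.splitlines())
    pairs = (ln.partition("=") for ln in rows if "=" in ln and not ln.startswith("#"))
    return {k.strip(): v.strip() for k, _, v in pairs}

def check(kms, dbks, is_file=os.path.isfile):
    """Return a list of findings; an empty list means no problem was detected."""
    out = []
    for k, d in PAIRS.items():
        a, b = kms.get(k), dbks.get(d)
        if a is None or b is None:
            out.append("missing: " + (k if a is None else d))
        elif (a.lower() != b.lower()) if k.startswith("db_ssl") else (a != b):
            out.append(f"mismatch: {k} vs {d}")
    verify = kms.get("db_ssl_verifyServerCertificate", "").lower() == "true"
    if kms.get("db_ssl_enabled", "").lower() == "true" and not verify:
        out.append("unverified: TLS is on but the server certificate is not checked")
    for k in ("javax_net_ssl_keyStore", "javax_net_ssl_trustStore"):
        if verify and k in kms and not is_file(kms[k]):
            out.append("file not found: " + kms[k])
    return out

# Constructed sample input, modelled on the sample values shown on the page
KMS = parse_props("""db_ssl_enabled=True
db_ssl_required=True
db_ssl_verifyServerCertificate=True
javax_net_ssl_keyStore=/etc/ranger/admin/keystore
javax_net_ssl_keyStorePassword=ranger
javax_net_ssl_trustStore=/etc/ranger/admin/truststore
javax_net_ssl_trustStorePassword=ranger""")
DBKS = {PAIRS[k]: v for k, v in KMS.items()}
DBKS["ranger.ks.truststore.password"] = "password"  # differs, as in the page's sample
print("\n".join(check(KMS, DBKS)))
```

Because both sets point at the same truststore file, the differing sample passwords are reported as a mismatch; replace the sample values with the real ones for your environment before running the check.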